Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using QualysGuard

An interesting paper by Tim Proffitt titled, “Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using QualysGuard”

Vulnerability Assessment, according to, is the process of identifying and quantifying vulnerabilities in a system. Vulnerability assessment can be used against many different types of systems such as a home security alarm, the protection of a nuclear power plant or a military outpost. Note that vulnerability assessment is different from risk assessments even though they share some of the same commonalities. Vulnerability Assessment concerns itself with the identification of vulnerabilities, the possibilities of reducing those vulnerabilities and improving the capacity to manage future incidents. This paper will focus primarily on vulnerability assessment as it pertains to information technology infrastructure and how utilizing QualysGuard can ease the burden on your technology staff.

With today’s global marketplace, companies cannot afford to tarnish their reputation with a public security incident. Corporations can suffer major financial losses if a security incident is encountered in the business. The fear of revenue loss should motivate companies to begin taking proactive measures against vulnerabilities in their infrastructure. The concept of vulnerability assessment is a critical process that should be followed in any organization as a way to identify, assess and respond to new vulnerabilities before those vulnerabilities become a

To obtain a copy of this paper, you can find it here at SANS Reading Room
